# Keeta Basic API Reference This API provides basic functionality for Keeta platform integration, including webhook configuration, authorization management, and OAuth token operations. Version: v.1.0.0 ## Servers ``` https://open.mykeeta.com/api/open ``` ## Download OpenAPI description [Keeta Basic API Reference](https://api-docs.mykeeta.com/_bundle/apis/@standard/basic.yaml) ## Endpoints API endpoints for Keeta platform integration ### Webhook URL Configuration - [POST /base/callback/url/set](https://api-docs.mykeeta.com/apis/standard/basic/endpoints/configurewebhookurl.md): This API enables developers to configure webhook URLs for receiving real-time notifications from the Keeta platform regarding orders, stores, menus, and other relevant business events. ### Get Merchant Authorization Information - [POST /base/authorized/resource/get](https://api-docs.mykeeta.com/apis/standard/basic/endpoints/getauthorizedresources.md): This API retrieves merchant information and authorized store lists based on the authentication token provided in the request, enabling developers to validate access permissions and obtain essential business context. ### OAuth Token Operations - [POST /base/oauth/token](https://api-docs.mykeeta.com/apis/standard/basic/endpoints/oauthtoken.md): This endpoint handles both access token acquisition and token refresh operations based on the grantType parameter. For Access Token Acquisition (grantType = "authorization_code"): This endpoint enables developers to acquire access token from Keeta. For Token Refresh (grantType = "refresh_token"): This endpoint enables developers to refresh access token validity period from Keeta platform. ### Batch Decrypt - [POST /base/batchDecrypt](https://api-docs.mykeeta.com/apis/standard/basic/endpoints/batchdecrypt.md): > 1. For merchant self-delivery or third-party logistics (3PL) orders, this endpoint can be called to decrypt the user's phone number and address. > 2. A maximum of 50 data items can be decrypted at once. > 3. The encrypted data generally uses ENC_ as a prefix. The following data returned by the order details endpoints will be encrypted data (ciphertext data prefixed with ENC_): > 1. recipientInfo.addressLocation > 2. delirecipientInfovery.addressViewInfo > 3. recipientInfo.houseNumber > 4. recipientInfo.phone > 5. recipientInfo.detailAddressStruct > 6. recipientInfo.addressStruct ## Webhooks Webhook notifications sent by Keeta to third-party systems ### OAuth2 Authorization Code Notification - [POST oauth2AuthorizationCodeNotification](https://api-docs.mykeeta.com/apis/standard/basic/webhooks/oauth2authorizationcodenotification.md): This webhook is sent by Keeta to notify the vendor's system when a merchant completes the merchant self-authorization process. Upon receiving this notification, the developer should use the provided authorization code to obtain an access token. Event ID: 1 Important Notes: - The authorization code is single-use and must be exchanged for an access token within 10 minutes of receipt. - Unix timestamp in milliseconds allows the developer's system to verify that the notification was received within a reasonable time window (e.g., within 10 minutes of the timestamp), helping to prevent replay attacks. - The signature must be verified to ensure the webhook message was sent from Keeta. ### Store Authorization Notification - [POST storeAuthorizationNotification](https://api-docs.mykeeta.com/apis/standard/basic/webhooks/storeauthorizationnotification.md): This webhook is sent by Keeta to notify the vendor's system when a merchant grants authorization for a store. This event is triggered when a new store is added to the merchant's authorized store list. This event is triggered when a merchant adds one or more stores to an existing brand authorization. For example, when stores were not fully included during the initial authorization and are subsequently added. Event ID: 1301 Notes: Authorization in Keeta is managed at the brand level, and each brand has a single access token. Expanding the store scope does not affect the existing token. ### Store Authorization Removal Notification - [POST storeAuthorizationRemovalNotification](https://api-docs.mykeeta.com/apis/standard/basic/webhooks/storeauthorizationremovalnotification.md): This webhook is sent by Keeta to notify the vendor's system when a merchant reduces the authorized store scope for a brand. This event is triggered when one or more stores are removed from an existing brand authorization. Event ID: 1302 Note: Authorization in Keeta is managed at the brand level, and each brand has a single access token. Reducing the store scope does not affect the existing token. ### Brand Authorization Removal Notification - [POST brandAuthorizationRemovalNotification](https://api-docs.mykeeta.com/apis/standard/basic/webhooks/brandauthorizationremovalnotification.md): This webhook is sent by Keeta to notify the vendor's system when a merchant fully revokes authorization for a brand. This event is triggered only when the entire brand authorization is removed, meaning all stores under the brand are deauthorized simultaneously. Upon receiving this notification, the developer's system should treat the associated access token as invalid. Event ID: 1303